Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOD OBJECT LEVEL Violations Check -reg

Go to solution
Former Member

‎04-15-2009 5:26 AM

0 Kudos

Hi

When we try to save any user id in ECC system, SOD OBJECT LEVEL violations check is starting and it is taking very long time.

Is the system trying to check the SOD voilations at all levels (user/role..) that are present in the system and any idea about how much time the violation check process is going to be run ??

Thanks

Ram

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎04-15-2009 5:51 AM

0 Kudos

Ram,

Yes, it seems it checking SOD violations. It will be great if you can tell us what version of Access Control is installed. It seems you have turned on RT(Risk terminator).

Regards,

Alpesh

7 REPLIES 7

Go to solution
Former Member

‎04-15-2009 5:51 AM

0 Kudos

Ram,

Yes, it seems it checking SOD violations. It will be great if you can tell us what version of Access Control is installed. It seems you have turned on RT(Risk terminator).

Regards,

Alpesh

Go to solution
Former Member

‎04-15-2009 7:14 AM

0 Kudos

Hi Alpesh

Thanks for ur Reply.

We have installed Access Control 5.3 and the RT is turned on.

regards

Ram

Go to solution
Former Member

‎04-15-2009 7:38 AM

0 Kudos

HEllo Ram,

If this is coming and the analysis is being carried out, this means you have RT configured in your system for sure.

1. Is the system trying to check the SOD voilations at all levels (user/role..) that are present in the system

The level to which the check is made depends on the config that you have made in RT. This might be at SU01 or PFCG and other similar Xns or all of them.

2. any idea about how much time the violation check process is going to be run ??

There is no definite answer for this as this depends on lots of Parameters such as:

a) Number of Roles.

b) Number of Risks configured.

c) Memory paramaters defined.

d) Level to which risks are defined and the granularity of the same, etc.

A combination of all the above entities will finally determine how much time your analysis will take.

Regards,

Hersh.

http://www.linkedin.com/in/hersh13

Go to solution
hkaur
Advisor
Advisor

‎04-15-2009 3:58 PM

0 Kudos

Hello Ram,

As stated by Hersh and Alpesh that is RT which checks violations during role creation and user assignment.

You have the option to turn it OFF also. Go to transaction /VIRSA/ZRTCNFG and select No for the options like PFCG Plug in , SU01 Role Assignment Plug in etc.

Harleen

SAP GRC RIG

Go to solution
Former Member

‎04-17-2009 8:44 AM

0 Kudos

Hello Hersh & Harleen

Thanks for your reply

If we deactivate the PFCG & SU01 role assignment plug-ins in RT, can we perform the risk violations & risk, user, role analysis functionalities in RAR

regards

Ram

Go to solution
Former Member
In response to Former Member

‎04-17-2009 3:09 PM

0 Kudos

Ram,

There won't be any change or issue in performing risk analysis in RAR if you deactivate SOD check in the SAP backend system. The SOD check is more of a preventive solution and it is called risk terminator whereas RAR is a detective solution.

Regards,

Alpesh

Go to solution
Former Member
In response to Former Member

‎04-20-2009 12:36 PM

0 Kudos

Hello Ram,

Configuring and enabling RT just means you want to have a check on authorizations against Risks before they occur. You will still get to see the analysis from RAR regardless of whether you have RT or not. RT is nothing but a sort of mechanism for risk prevention at the source system.

Regards,

Hersh.

http://www.linkedin.com/in/hersh13